A popular fitness app that claims over six million users was leaking private and sensitive data, including health information and private messages sent between users. PumpUp, an Ontario-based company, bills itself as a fitness community, allowing subscribers to discover new workouts and record their results, and get advice from fitness coaches and other users. But…

In March 2017, FBI agents raided the Manhattan apartment of former NSA and CIA operative Joshua Schulte looking for top secret documents and hacking tools that the defendant allegedly leaked to WikiLeaks. We don’t know if they found what they were looking for, but according to court transcripts and documents reviewed by Motherboard, the…

Kromtech Security said that it found the unprotected data on March 30, adding that it included a treasure-trove of information ranging from “full names, (street) addresses, email addresses, encrypted passwords, wallet information, along with links to scanned passports, driver’s licenses and other IDs,” according to the researchers. Source: threatpost…

Update your Careem passcode, and then update your password on any other accounts using the same or similar details. Make your new one good and strong. Here’s how. And if we’ve said it once, we’ve said it a million times: reusing passwords is really, truly a terrible idea. So don’t! Watch out for spearphishers. Unsolicited…

MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians. Source: krebsonsecurity…

A mobile application built by a third party for the RSA security conference in San Francisco this week was found to have a few security issues of its own—including hard-coded security keys and passwords that allowed a researcher to extract the conference’s attendee list. The conference organizers acknowledged the vulnerability on Twitter, but they say…

First, the proof that I reported this, and the beginning of the timeline. I reported this vulnerability in August 2017, which is shown by the following email exchange with Panera Bread’s Information Security Director, Mike Gustavison. After attempting to contact them through a generic security@panerabread.com email address (which bounced), Twitter and even LinkedIn and email…